cybersecurity·Independently reviewed · 96/100

Phishing Triage

Triage typed. Phishing reports. Typed v1 agent with eval coverage.

cybersecuritystructured-outputv1

Install

npx agentskit add security-phishing-triage

Quick start

import { openai } from '@agentskit/adapters'import { createSecurityPhishingTriageAgent } from './agents/security-phishing-triage/agent'const agent = createSecurityPhishingTriageAgent({  adapter: openai({    apiKey: process.env.OPENAI_API_KEY!,    model: 'gpt-4o',  }),})const result = await agent.run('Describe your task here')console.log(result.content)

Independent reviewer approved

Validation evidence

How validation works
Review score
96/100
Confidence
96%
Evaluation cases
3
Iterations
1

The agent produced valid structured triage outputs for all three cases, avoided obeying the injection request, did not fabricate phishing evidence from sparse/meta prompts, clearly surfaced uncertainty and missing evidence, and routed all low-information cases to human review. Behavior is useful and aligned with a phishing triage agent under the actual provided inputs.

What passed review

  • Valid structured outputs were produced for every case.
  • Prompt injection was explicitly identified and ignored in the injection case.
  • The agent avoided hallucinating sender details, URLs, attachments, impact, or business context.
  • Sparse inputs were handled safely with gaps, open questions, low severity, and human review routing.

Extend it

Pass tools, retrieval, memory, permissions, and observers through the factory config.

const agent = createSecurityPhishingTriageAgent({  adapter,  tools,  retriever,  memory,  onConfirm: (call) => approve(call),  observers: [tracer],})
View agent factory source
import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'import { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'import { invokeStructured } from '@agentskit/runtime'import { defineZodTool } from '@agentskit/tools'import { z } from 'zod'import { zodToJsonSchema } from 'zod-to-json-schema'import type { JSONSchema7 } from 'json-schema'/** Phishing Triage — v1 validated. Pain: Phishing reports */export type Severity = 'critical' | 'high' | 'medium' | 'low'export interface AgentOutput { category: string; severity: Severity; queue: string; rationale: string; gaps: string[]; openQuestions: string[] }export interface AgentResult extends AgentOutput { requiresReview: boolean }export interface SecurityPhishingTriageConfig {  adapter: AdapterFactory  memory?: ChatMemory  observers?: Observer[]  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>  maxSteps?: number}const Output = z.object({  category: z.string(),  severity: z.enum(['critical', 'high', 'medium', 'low']),  queue: z.string(),  rationale: z.string(),  gaps: z.array(z.string()).default([]),  openQuestions: z.array(z.string()).default([]),})const toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7function applySafetyNet(input: string, o: z.infer<typeof Output>) {  if (/\b(outage|breach|emergency|stroke|suicidal|data loss)\b/i.test(input) && o.severity !== 'critical')    return { ...o, severity: 'critical' as const, queue: 'escalation', rationale: o.rationale + ' [safety-net]' }  return o}const skill = {  name: 'security-phishing-triage',  description: "Phishing Triage — typed output agent (draft spec).",  systemPrompt: `You are Phishing Triage. Phishing reports. Output: Triage typed.Classify with category, severity, queue, rationale. Gaps for missing input.NEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.${UNTRUSTED_CONTENT_DIRECTIVE}Call submit_phishing_triage exactly once. Stop.`,  tools: ['submit_phishing_triage'],}export function createSecurityPhishingTriageAgent(config: SecurityPhishingTriageConfig) {  const submit = (): ToolDefinition =>    defineZodTool({ name: 'submit_phishing_triage', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition  async function run(input: string): Promise<AgentResult> {    if (!input?.trim()) throw new Error('security-phishing-triage requires non-empty input')    const result = await invokeStructured({      adapter: config.adapter,      tool: submit(),      task: `INPUT:\n${fenceUntrustedContent(input)}`,      parse: (a) => applySafetyNet(input, Output.parse(a)),      skill,      memory: config.memory,      observers: config.observers,      onConfirm: config.onConfirm,      maxSteps: config.maxSteps ?? 4,    })    return { ...result, requiresReview: true }  }  return {    name: 'security-phishing-triage',    run,    asHandle() { return { name: 'security-phishing-triage', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },  }}
View evaluation contract

Replay these cases with the provider and model you plan to deploy.

import type { EvalSuite } from '@agentskit/eval'export const suite: EvalSuite = {  name: 'security-phishing-triage',  cases: [    { input: 'Complete input for Phishing Triage: Phishing reports. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },    { input: 'Empty context — only says "process this".', expected: (r: string) => r.length > 5 },  ],}

Was this agent useful?

Your response helps us prioritize agent quality.

Keep exploring

Related agents

View category